58 lines
1.3 KiB
Nix
58 lines
1.3 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
...
|
|
}: {
|
|
services.gitea-actions-runner = {
|
|
instances.default = {
|
|
enable = true;
|
|
name = "${config.networking.hostName}-runner";
|
|
url = "https://code.m3ta.dev";
|
|
tokenFile = config.age.secrets.gitea-runner-token.path;
|
|
|
|
# nixos:host is primary, ubuntu is fallback
|
|
labels = [
|
|
"nixos:host"
|
|
];
|
|
|
|
# Host execution packages
|
|
hostPackages = with pkgs; [
|
|
bash
|
|
curl
|
|
coreutils
|
|
git
|
|
jq
|
|
nix
|
|
nix-update
|
|
nodejs
|
|
# Add any other tools you need for nix-update workflows
|
|
];
|
|
|
|
# Advanced settings
|
|
settings = {
|
|
runner = {
|
|
capacity = 4; # One job at a time (increase if you have resources)
|
|
timeout = "4h"; # Nix builds can take a while
|
|
};
|
|
cache = {enabled = true;};
|
|
container = {
|
|
enable_ipv6 = true;
|
|
privileged = false;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
# User management (auto-created by module, but ensuring proper setup)
|
|
users.users.gitea-runner = {
|
|
home = "/var/lib/gitea-runner";
|
|
group = "gitea-runner";
|
|
isSystemUser = true;
|
|
createHome = true;
|
|
};
|
|
users.groups.gitea-runner = {};
|
|
|
|
# Firewall: Allow Podman bridge networks for cache actions
|
|
networking.firewall.trustedInterfaces = ["br-+"];
|
|
}
|